﻿using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.OleDb;

public partial class admin_freedom : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // 在此处放置用户代码以初始化页面
        if (!Page.IsPostBack)
        {
            buildcode();
            //注销身份
            System.Web.Security.FormsAuthentication.SignOut(); 
        }
    }
    //生成验证码
    public void buildcode()
    {
        Random a = new Random();
        code.Text = "";
        string temp = "";
        for (int i = 0; i < 4; i++)
        {
            string t = Convert.ToInt16(9 * a.NextDouble()).ToString();
            code.Text += "<img height='20' src='img/count/" + t + ".gif'>";
            temp += t;
        }
        Session.Add("code", temp);
    }
    //登录
    public void login(object sender, System.Web.UI.ImageClickEventArgs e) {
        string lname = admin.Text.Trim().Replace("'", "");
        string lpwd = pwd.Text.Trim().Replace("'", "");
        string lsafecode = safecode.Text.Trim().Replace("'", "");

        if (Session["code"] != null)
        {
            if (lsafecode == Session["code"].ToString())
            {
                OleDbConnection conn = DB.conn();
                if (conn != null)
                {
                    conn.Open();
                    OleDbCommand comm = new OleDbCommand();
                    comm.Connection = conn;
                    comm.CommandText = "select * from admin where admin='" + lname + "' and password='" + MD5.String2MD5(lpwd) + "'";
                    OleDbDataReader dr= comm.ExecuteReader();
                    //查询用户名密码是否匹配
                    if (dr != null && dr.HasRows)
                    {
                        dr.Read();
                        Session.Add("admin", dr["admin"].ToString());
                        Session.Add("adminId", dr["id"].ToString());
                        Session.Add("roleId", dr["roleid"].ToString());
                        comm.CommandText = "select roleName from roles where id="+dr["roleid"].ToString();
                        dr.Close();
                        dr = comm.ExecuteReader();
                        if (dr != null && dr.HasRows) {
                            dr.Read();
                            Session.Add("role", dr["roleName"].ToString());
                        }
                        //添加认证信息
                        System.Web.Security.FormsAuthentication.SetAuthCookie("Admin", false);
                        Response.Redirect("admin/index.aspx");
                    }
                    else
                    {
                        Response.Write("<script>alert('用户名或密码不正确！');</script>");
                    }
                    conn.Close();
                }
                else
                {
                    Response.Write("<script>alert('连接数据库失败！');</script>");
                }
            }
            else
            {
                Response.Write("<script>alert('验证码错误！');</script>");
            }
        }
    }
}
